1 files changed, 36 insertions, 9 deletions

diff --git a/push.c b/push.c
index 70bb9a3..08c7f99 100644
--- a/push.c
+++ b/push.c
@@ -5,7 +5,7 @@
  *             packet encryption, packet authentication, and
  *             packet compression.
  *
- *  Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2
@@ -63,13 +63,23 @@ receive_auth_failed (struct context *c, const struct buffer *buffer)
 #ifdef ENABLE_MANAGEMENT
       if (management)
 	{
-	  const char *reason = UP_TYPE_AUTH;
+	  const char *reason = NULL;
 	  struct buffer buf = *buffer;
 	  if (buf_string_compare_advance (&buf, "AUTH_FAILED,") && BLEN (&buf))
 	    reason = BSTR (&buf);
-	  management_auth_failure (management, reason);
-	}
+	  management_auth_failure (management, UP_TYPE_AUTH, reason);
+	} else
+#endif
+	{
+#ifdef ENABLE_CLIENT_CR
+	  struct buffer buf = *buffer;
+	  if (buf_string_match_head_str (&buf, "AUTH_FAILED,CRV1:") && BLEN (&buf))
+	    {
+	      buf_advance (&buf, 12); /* Length of "AUTH_FAILED," substring */
+	      ssl_put_auth_challenge (BSTR (&buf));
+	    }
 #endif
+	}
     }
 }
 
@@ -102,8 +112,8 @@ send_auth_failed (struct context *c, const char *client_reason)
   schedule_exit (c, c->options.scheduled_exit_interval, SIGTERM);
 
   len = (client_reason ? strlen(client_reason)+1 : 0) + sizeof(auth_failed);
-  if (len > TLS_CHANNEL_BUF_SIZE)
-    len = TLS_CHANNEL_BUF_SIZE;
+  if (len > PUSH_BUNDLE_SIZE)
+    len = PUSH_BUNDLE_SIZE;
 
   {
     struct buffer buf = alloc_buf_gc (len, &gc);
@@ -171,14 +181,15 @@ bool
 send_push_reply (struct context *c)
 {
   struct gc_arena gc = gc_new ();
-  struct buffer buf = alloc_buf_gc (TLS_CHANNEL_BUF_SIZE, &gc);
+  struct buffer buf = alloc_buf_gc (PUSH_BUNDLE_SIZE, &gc);
   struct push_entry *e = c->options.push_list.head;
   bool multi_push = false;
   static char cmd[] = "PUSH_REPLY";
   const int extra = 64; /* extra space for possible trailing ifconfig and push-continuation */
   const int safe_cap = BCAP (&buf) - extra;
+  bool push_sent = false;
 
-  buf_printf (&buf, cmd);
+  buf_printf (&buf, "%s", cmd);
 
   while (e)
     {
@@ -192,9 +203,10 @@ send_push_reply (struct context *c)
 		const bool status = send_control_channel_string (c, BSTR (&buf), D_PUSH);
 		if (!status)
 		  goto fail;
+		push_sent = true;
 		multi_push = true;
 		buf_reset_len (&buf);
-		buf_printf (&buf, cmd);
+		buf_printf (&buf, "%s", cmd);
 	      }
 	    }
 	  if (BLEN (&buf) + l >= safe_cap)
@@ -218,6 +230,21 @@ send_push_reply (struct context *c)
     {
       const bool status = send_control_channel_string (c, BSTR (&buf), D_PUSH);
       if (!status)
+        goto fail;
+      push_sent = true;
+    }
+
+  /* If nothing have been pushed, send an empty push,
+   * as the client is expecting a response
+   */
+  if (!push_sent)
+    {
+      bool status = false;
+
+      buf_reset_len (&buf);
+      buf_printf (&buf, "%s", cmd);
+      status = send_control_channel_string (c, BSTR(&buf), D_PUSH);
+      if (!status)
 	goto fail;
     }